Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5f3187-3beb-4c4b-9a44-d6bd55a9e36d/1/XZwNH8EOpzZcFiUD7mLnV55pRpY.roa
File: XZwNH8EOpzZcFiUD7mLnV55pRpY.roa (raw, json)
Hash identifier: gqDaJpD4+VHFaYCt/Z//ITZML/mRodUJYec1d2U3fXo=
Subject key identifier: 5D:9C:0D:1F:C1:0E:A7:36:5C:16:25:03:EE:62:E7:57:9E:69:46:96
Certificate issuer: /CN=0f89c8697f7792caaf599664e89ace65244f8ae8
Certificate serial: 018CCA99664B4FDE336D31081B4AF9E0577A
Authority key identifier: 0F:89:C8:69:7F:77:92:CA:AF:59:96:64:E8:9A:CE:65:24:4F:8A:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/D4nIaX93ksqvWZZk6JrOZSRPiug.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/5f3187-3beb-4c4b-9a44-d6bd55a9e36d/1/XZwNH8EOpzZcFiUD7mLnV55pRpY.roa
Signing time: Tue 02 Jan 2024 14:35:00 +0000
ROA not before: Tue 02 Jan 2024 14:35:00 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51690
IP address blocks: 91.220.33.0/24 maxlen: 24
185.9.202.0/24 maxlen: 24
185.9.203.0/24 maxlen: 24
185.9.200.0/23 maxlen: 23
Validation: Failed, certificate revoked on Wed 01 Jan 2025 11:48:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:99:66:4b:4f:de:33:6d:31:08:1b:4a:f9:e0:57:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0f89c8697f7792caaf599664e89ace65244f8ae8
Validity
Not Before: Jan 2 14:35:00 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5d9c0d1fc10ea7365c162503ee62e7579e694696
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:a8:48:9c:90:cf:1d:d3:d7:17:66:0a:e1:14:
65:4b:a5:dc:05:b5:c1:f6:8c:76:7c:5c:ef:7d:df:
c1:7d:26:01:1d:25:0f:52:51:a8:84:bb:ec:16:4d:
cd:33:9b:6e:99:b1:f6:01:aa:ac:94:5d:fe:71:b0:
ff:e4:97:cf:a2:70:4b:fe:99:ad:c5:a4:2d:bf:a8:
57:1d:f4:cf:7e:47:c9:3d:8b:86:80:99:fc:20:b8:
fa:d2:ce:9a:37:63:51:c8:b4:dd:4e:1b:8c:c3:cf:
d4:25:67:b1:8a:79:3f:33:ae:62:af:6e:91:51:25:
0f:2f:44:14:aa:5d:b2:07:12:6d:3d:d7:73:55:99:
a5:3b:a0:e4:a6:4c:59:cf:f0:88:46:7f:07:07:9e:
c4:bd:b7:8c:5f:bc:d5:b0:44:5d:88:2e:83:87:95:
6b:93:28:cc:a8:58:77:f4:31:16:0d:df:a1:d2:10:
10:95:31:71:69:44:25:cb:62:53:67:c9:05:6e:d8:
fc:3b:de:78:86:af:e1:1f:de:15:d0:03:2e:26:c2:
5d:36:43:03:9e:59:fa:f2:95:38:3a:0c:53:f9:58:
f5:4e:13:d3:78:df:5d:f3:d2:4e:6c:89:fd:05:bc:
f3:2a:c8:49:91:95:6d:08:d4:30:72:96:e0:6f:7a:
8f:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:9C:0D:1F:C1:0E:A7:36:5C:16:25:03:EE:62:E7:57:9E:69:46:96
X509v3 Authority Key Identifier:
keyid:0F:89:C8:69:7F:77:92:CA:AF:59:96:64:E8:9A:CE:65:24:4F:8A:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D4nIaX93ksqvWZZk6JrOZSRPiug.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5f3187-3beb-4c4b-9a44-d6bd55a9e36d/1/XZwNH8EOpzZcFiUD7mLnV55pRpY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5f3187-3beb-4c4b-9a44-d6bd55a9e36d/1/D4nIaX93ksqvWZZk6JrOZSRPiug.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.220.33.0/24
185.9.200.0/22
Signature Algorithm: sha256WithRSAEncryption
a3:fc:44:86:bb:ff:6d:ed:bd:fd:e1:3c:a0:34:c1:d3:e8:50:
20:b4:57:fe:42:18:32:9f:f6:c4:64:97:aa:4d:04:a8:1c:7c:
1c:07:eb:69:54:9c:52:a3:6d:17:0e:38:1a:49:c4:f8:72:79:
a2:b4:12:c9:dd:df:3e:ac:b6:1a:08:52:2c:a9:ba:e3:db:62:
27:68:03:bf:15:f1:47:7f:6c:d8:c9:59:8b:31:46:92:f8:30:
dd:ef:7c:ff:7b:7b:1c:37:75:7a:85:ee:ae:28:db:e2:53:7f:
f3:12:c2:ad:74:b8:71:40:a3:eb:78:93:85:ff:1f:89:a7:f8:
dd:72:ad:79:a4:7f:95:d7:93:e2:4b:fd:e4:31:d6:b3:4e:8b:
05:d5:f8:ef:38:21:eb:f0:4a:be:ee:0d:94:7c:ac:30:49:0f:
d0:bc:b1:d5:21:ef:44:28:08:90:cd:95:3f:90:3c:20:58:f9:
00:c8:e3:55:fe:48:cb:00:eb:28:8d:de:f8:c8:01:31:6b:24:
94:78:eb:ac:00:fb:a5:f2:4e:8f:ba:be:7e:a9:7f:b9:4a:e4:
d6:c4:d4:8b:ef:70:b1:18:32:15:ba:36:0f:8e:01:e5:d8:33:
4b:9f:22:73:b7:91:89:2e:49:ea:de:55:c0:63:91:66:1b:bf:
18:39:21:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmWZLT94zbTEIG0r54Fd6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmODljODY5N2Y3NzkyY2FhZjU5OTY2NGU4OWFjZTY1MjQ0
ZjhhZTgwHhcNMjQwMTAyMTQzNTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDljMGQxZmMxMGVhNzM2NWMxNjI1MDNlZTYyZTc1NzllNjk0Njk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36hInJDPHdPXF2YK4RRlS6XcBbXB
9ox2fFzvfd/BfSYBHSUPUlGohLvsFk3NM5tumbH2AaqslF3+cbD/5JfPonBL/pmt
xaQtv6hXHfTPfkfJPYuGgJn8ILj60s6aN2NRyLTdThuMw8/UJWexink/M65ir26R
USUPL0QUql2yBxJtPddzVZmlO6DkpkxZz/CIRn8HB57EvbeMX7zVsERdiC6Dh5Vr
kyjMqFh39DEWDd+h0hAQlTFxaUQly2JTZ8kFbtj8O954hq/hH94V0AMuJsJdNkMD
nln68pU4OgxT+Vj1ThPTeN9d89JObIn9BbzzKshJkZVtCNQwcpbgb3qPCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF2cDR/BDqc2XBYlA+5i51eeaUaWMB8GA1UdIwQY
MBaAFA+JyGl/d5LKr1mWZOiazmUkT4roMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDRuSWFYOTNrc3F2V1paazZKck9aU1JQaXVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81ZjMxODctM2JlYi00YzRiLTlhNDQt
ZDZiZDU1YTllMzZkLzEvWFp3Tkg4RU9welpjRmlVRDdtTG5WNTVwUnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81ZjMxODctM2JlYi00YzRiLTlhNDQtZDZiZDU1YTllMzZk
LzEvRDRuSWFYOTNrc3F2V1paazZKck9aU1JQaXVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9whAwQC
uQnIMA0GCSqGSIb3DQEBCwUAA4IBAQCj/ESGu/9t7b394TygNMHT6FAgtFf+Qhgy
n/bEZJeqTQSoHHwcB+tpVJxSo20XDjgaScT4cnmitBLJ3d8+rLYaCFIsqbrj22In
aAO/FfFHf2zYyVmLMUaS+DDd73z/e3scN3V6he6uKNviU3/zEsKtdLhxQKPreJOF
/x+Jp/jdcq15pH+V15PiS/3kMdazTosF1fjvOCHr8Eq+7g2UfKwwSQ/QvLHVIe9E
KAiQzZU/kDwgWPkAyONV/kjLAOsojd74yAExaySUeOusAPul8k6Pur5+qX+5SuTW
xNSL73CxGDIVujYPjgHl2DNLnyJzt5GJLknq3lXAY5FmG78YOSHU
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:22:11 2025 by rpki-client